[winpcap] tcp_header
// tcp_header.c
#include "pcap.h"
/*
 * Six-byte MAC address, one octet per field in wire order.
 * The layout matches the ether_dhost / ether_shost arrays of
 * struct ether_header below, which is what lets the handler read
 * addresses straight out of the captured frame.
 */
typedef struct mac_address {
    u_char byte1; /* first octet on the wire */
    u_char byte2;
    u_char byte3;
    u_char byte4;
    u_char byte5;
    u_char byte6; /* last octet on the wire */
}mac;
#define ETHER_ADDR_LEN 6 /* octets in a MAC address */
/*
 * Ethernet II frame header as it appears at the start of pkt_data.
 * ether_type is in network byte order: packet_handler() runs it through
 * ntohs() before comparing it with 0x0800 (IPv4), 0x0806 (ARP) and
 * 0x0835 (RARP).
 *
 * NOTE: the trailing `eth` also defines a file-scope variable of this
 * type. packet_handler() declares its own local `eth`, which shadows
 * this one; the global is not used anywhere else in this file.
 */
struct ether_header
{
    u_char ether_dhost[ETHER_ADDR_LEN]; /* destination MAC, bytes 0..5 of the frame */
    u_char ether_shost[ETHER_ADDR_LEN]; /* source MAC, bytes 6..11 of the frame */
    u_short ether_type;                 /* EtherType, network byte order */
}eth;
/*
 * IPv4 address as four octets in wire order. packet_handler() prints
 * the fields as a dotted quad (byte1.byte2.byte3.byte4).
 */
typedef struct ip_address
{
    u_char byte1; /* most significant octet */
    u_char byte2;
    u_char byte3;
    u_char byte4; /* least significant octet */
}ip_address;
/*
 * IPv4 header overlay, placed 14 bytes into the frame (right after the
 * Ethernet header). Only ver_ihl, proto, saddr and daddr are read in this
 * file; the multi-byte fields are left in network byte order.
 */
typedef struct ip_header
{
    u_char ver_ihl;        /* high nibble: version; low nibble: header length in 32-bit words */
    u_char tos;            /* type of service (not read here) */
    u_short tlen;          /* total length, network byte order (not read here) */
    u_short identification;/* fragment identification (not read here) */
    u_short flags_fo;      /* flags + fragment offset (not read here) */
    u_char ttl;            /* time to live (not read here) */
    u_char proto;          /* upper-layer protocol number; compared against TCP/UDP/ICMP in packet_handler() */
    u_short crc;           /* header checksum (not verified here) */
    ip_address saddr;      /* source address */
    ip_address daddr;      /* destination address */
    /* Named after the options/padding area but only a fixed-size placeholder:
     * the real header length is (ver_ihl & 0xf) * 4, so a header carrying
     * options is longer than this struct. */
    u_int op_pad;
}ip_header;
/*
 * TCP header overlay, placed at (IP header start + IP header length).
 * sport and dport are in network byte order (printed via ntohs()); the
 * flags byte is compared directly against the SYN/ACK/PUSH/FIN values
 * defined in packet_handler(). The remaining fields are not read here.
 */
typedef struct tcp_header
{
    u_short sport;  /* source port, network byte order */
    u_short dport;  /* destination port, network byte order */
    u_int seqnum;   /* sequence number (not read here) */
    u_int acknum;   /* acknowledgement number (not read here) */
    u_char th_off;  /* data offset / reserved bits (not read here) */
    u_char flags;   /* control flags byte */
    u_short win;    /* window size (not read here) */
    u_short crc;    /* checksum (not verified here) */
    u_short urgptr; /* urgent pointer (not read here) */
}tcp_header;
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
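/*
 * Entry point.
 *
 * Enumerates the capture devices WinPcap reports, lets the user pick one by
 * number, opens it in promiscuous mode, installs packet_filter as the BPF
 * filter and then hands every captured packet to packet_handler() until
 * pcap_loop() returns.
 *
 * Returns 0 on normal termination and -1 on any setup failure; exits with
 * status 1 if device enumeration itself fails. Every failure path releases
 * the device list and the capture handle it has acquired so far.
 */
int main(void)
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d = NULL;
    pcap_t *adhandle = NULL;
    struct bpf_program fcode;
    char errbuf[PCAP_ERRBUF_SIZE];
    int inum = 0;
    int i = 0;
    int rc = -1;
    /* Filter expression handed to pcap_compile(); "" captures everything.
     * Set it to e.g. "tcp" to restrict what packet_handler() sees. */
    char packet_filter[] = "";
    /* Netmask for pcap_compile(); 0xffffffff is libpcap's "netmask unknown"
     * value (only broadcast tests in a filter would need the real one). It
     * must be initialised: the previous version read it uninitialised. */
    u_int netmask = 0xffffffff;

    /* Enumerate the capture devices. */
    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
        exit(1);
    }

    /* List them, numbered from 1. */
    for (d = alldevs; d; d = d->next) {
        printf("%d. %s", ++i, d->name);
        if (d->description) {
            printf(" (%s)\n", d->description);
        } else {
            printf(" (No description available)\n");
        }
    }
    if (i == 0) {
        /* The list is empty here, so there is nothing to release. */
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        return -1;
    }

    /* Let the user choose a device. A failed scanf() would leave inum
     * indeterminate, so treat it like an out-of-range number. */
    printf("nic 카드 선택하세요..(1-%d):", i);
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > i) {
        printf("\nInterface number out of range.\n");
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Walk to the (inum-1)-th list entry; the range check above guarantees
     * it exists. */
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++) {
        /* advance only */
    }

    /* Open the device: 65536-byte snaplen (whole packets), promiscuous mode,
     * 1000 ms read timeout. */
    adhandle = pcap_open_live(d->name, 65536, 1, 1000, errbuf);
    if (adhandle == NULL) {
        fprintf(stderr, "\n %s isn't supported by winpcap \n", d->name);
        goto out_free_devs;
    }

    /* Compile the filter expression into a BPF program and install it, so
     * only matching packets reach packet_handler(). The 1 enables optimisation. */
    if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0) {
        fprintf(stderr, "\nUnable to compile the packet filter. Check the syntax.\n");
        goto out_close;
    }
    if (pcap_setfilter(adhandle, &fcode) < 0) {
        fprintf(stderr, "\nError setting the filter.\n");
        pcap_freecode(&fcode);
        goto out_close;
    }
    /* The handle keeps its own copy of the installed program; drop ours. */
    pcap_freecode(&fcode);

    /* description may be NULL (see the listing loop), which %s must not get. */
    printf("\nlistening on %s...\n\n", d->description ? d->description : d->name);

    /* The device list is no longer needed once the handle is open; d becomes
     * dangling from here on and is not touched again. */
    pcap_freealldevs(alldevs);
    alldevs = NULL;

    /* Capture until an error or pcap_breakloop(); 0 = no packet count limit.
     * packet_handler() is called with NULL user data. */
    if (pcap_loop(adhandle, 0, packet_handler, NULL) == -1) {
        fprintf(stderr, "\npcap_loop failed: %s\n", pcap_geterr(adhandle));
        goto out_close;
    }
    rc = 0;

out_close:
    pcap_close(adhandle);
out_free_devs:
    /* NULL once the list has already been released above. */
    if (alldevs) {
        pcap_freealldevs(alldevs);
    }
    return rc;
}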
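/* EtherType values (host byte order, i.e. after ntohs()). */
#define IP_HEADER 0x0800
#define ARP_HEADER 0x0806
#define REVERSE_ARP_HEADER 0x0835

/* TCP flag-byte values this handler names; anything else is printed raw. */
#define SYN 0x02
#define PUSH 0x08
#define ACK 0x10
#define SYN_ACK 0x12
#define PUSH_ACK 0x18
#define FIN_ACK 0x11

/* IANA protocol numbers compared against ip_header.proto. */
enum { PROTO_ICMP_NUM = 1, PROTO_TCP_NUM = 6, PROTO_UDP_NUM = 17 };

/* Fixed header sizes used to bound every read against header->caplen. */
enum { ETH_FRAME_HDR_BYTES = 14, IP_MIN_HDR_BYTES = 20, TCP_MIN_HDR_BYTES = 20 };

/*
 * Print the recognised TCP flag combinations by name.
 * Unknown combinations are printed as the raw flag byte.
 */
static void print_tcp_flags(u_char flags)
{
    switch (flags) {
    case SYN:
        printf("Flags : SYN\n\n\n");
        break;
    case PUSH:
        printf("Flags : PUSH\n\n\n");
        break;
    case ACK:
        printf("Flags : ACK\n\n\n");
        break;
    case SYN_ACK:
        printf("Flags : SYN, ACK\n\n\n");
        break;
    case PUSH_ACK:
        printf("Flags : PUSH, ACK\n\n\n");
        break;
    case FIN_ACK:
        printf("Flags : FIN, ACK\n\n\n");
        break;
    default:
        /* cast: %x expects unsigned int, flags promotes to int */
        printf("Flags(Unknown) : %04x\n\n\n", (unsigned)flags);
        break;
    }
}

/*
 * Dump the ports and flags of a TCP header.
 * The caller guarantees that at least TCP_MIN_HDR_BYTES starting at th lie
 * within the captured data.
 */
static void print_tcp_header(const tcp_header *th)
{
    printf("\n\n--------------------- TCP Header ---------------------\n\n\n");
    printf("Destination port number : %d\n", ntohs(th->dport));
    printf("Source port number : %d\n", ntohs(th->sport));
    print_tcp_flags(th->flags);
}

/*
 * Dump the IPv4 header that follows the Ethernet header in pkt_data and,
 * for TCP, the transport header after it.
 *
 * pkt_data: start of the frame; caplen: number of valid bytes in it. Every
 * overlay is checked against caplen first, so a truncated capture or a
 * malformed IHL is reported instead of read past the buffer.
 */
static void print_ip_packet(const u_char *pkt_data, u_int caplen)
{
    const ip_header *ih;
    u_int ip_len;

    if (caplen < ETH_FRAME_HDR_BYTES + IP_MIN_HDR_BYTES) {
        printf("\n\n--------------------- IP Header (truncated, %u bytes captured) ---------------------\n\n\n",
               (unsigned)caplen);
        return;
    }
    ih = (const ip_header *)(pkt_data + ETH_FRAME_HDR_BYTES);
    /* Low nibble of ver_ihl is the header length in 32-bit words. */
    ip_len = (ih->ver_ihl & 0xf) * 4;

    printf("\n\n--------------------- IP Header ---------------------\n\n\n");
    printf("Destination IP Address : %d.%d.%d.%d\n\n",
           ih->daddr.byte1, ih->daddr.byte2, ih->daddr.byte3, ih->daddr.byte4);
    printf("Source IP Address : %d.%d.%d.%d\n\n",
           ih->saddr.byte1, ih->saddr.byte2, ih->saddr.byte3, ih->saddr.byte4);

    switch (ih->proto) {
    case PROTO_TCP_NUM:
        printf("Upper Protocol is TCP\n\n");
        /* An IHL below 5 words is malformed, and the TCP header must fit
         * entirely inside the captured bytes before it is overlaid. */
        if (ip_len < IP_MIN_HDR_BYTES ||
            ETH_FRAME_HDR_BYTES + ip_len + TCP_MIN_HDR_BYTES > caplen) {
            printf("TCP header not within captured data (%u bytes captured)\n\n",
                   (unsigned)caplen);
            break;
        }
        print_tcp_header((const tcp_header *)((const u_char *)ih + ip_len));
        break;
    case PROTO_UDP_NUM:
        /* UDP is protocol 17; the previous version compared against 11. */
        printf("Upper Protocol is UDP\n\n");
        break;
    case PROTO_ICMP_NUM:
        printf("Upper Protocol is ICMP\n\n");
        break;
    default:
        printf("Upper Protocol is Unknown\n\n");
        break;
    }
}

/*
 * pcap_loop() callback: print the Ethernet header of every captured frame,
 * then the IPv4 and TCP headers when present.
 *
 * param:    user data from pcap_loop(); unused (main passes NULL).
 * header:   capture metadata; header->caplen bounds what may be read.
 * pkt_data: the captured bytes, starting with the Ethernet header.
 *
 * Only header->caplen bytes of pkt_data are valid. Every header overlay is
 * preceded by a length check so that runt or truncated frames are reported
 * rather than read out of bounds.
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    /* Local on purpose: shadows the file-scope `eth` declared with the struct. */
    const struct ether_header *eth;
    unsigned int ptype;
    u_int caplen = header->caplen;

    (void)param;

    printf("*************** Ethernet Frame Header ***************\n\n\n");
    if (caplen < ETH_FRAME_HDR_BYTES) {
        printf("Truncated frame: %u bytes captured\n\n", (unsigned)caplen);
        printf("\n*****************************************************\n\n\n\n");
        return;
    }
    eth = (const struct ether_header *)pkt_data;
    ptype = ntohs(eth->ether_type);

    /* Addresses come straight from the header arrays; no second overlay needed. */
    printf("Destination Mac Address : %02x.%02x.%02x.%02x.%02x.%02x\n\n",
           eth->ether_dhost[0], eth->ether_dhost[1], eth->ether_dhost[2],
           eth->ether_dhost[3], eth->ether_dhost[4], eth->ether_dhost[5]);
    printf("Source Mac Address : %02x.%02x.%02x.%02x.%02x.%02x\n\n",
           eth->ether_shost[0], eth->ether_shost[1], eth->ether_shost[2],
           eth->ether_shost[3], eth->ether_shost[4], eth->ether_shost[5]);

    switch (ptype) {
    case IP_HEADER:
        printf("Upper Protocol is IP Header(%04x)\n", ptype);
        break;
    case ARP_HEADER:
        printf("Upper Protocol is ARP Header(%04x)\n", ptype);
        break;
    case REVERSE_ARP_HEADER:
        printf("Upper Protocol is REVERSE ARP HEADER Header(%04x)\n", ptype);
        break;
    default:
        printf("Upper Protocol is Unknown(%04x)\n", ptype);
        break;
    }

    if (ptype == IP_HEADER) {
        print_ip_packet(pkt_data, caplen);
    } else {
        printf("\n\n------------------- NO IP Header -------------------\n\n\n");
    }
    printf("\n*****************************************************\n\n\n\n");
}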